This is a fantastic article, even two years later. I'm glad to see things like PKI pointed out in the comments, as when I've evaluated moves to embracing only AAD join, that is often one of the bigger roadblocks. Reading the comments and helpful replies has been great, as it seems like there may be some other options in this area. That is a subject I'd love to see its own detailed post on, quite frankly. Something that goes into detail on deploying client certificates to support things like 802.1x with AAD joined PCs would be fantastic.
But there is another area that I've always gotten a bit hung up on that I'm curious if you can comment on. One of the benefits of having a device joined to a traditional AD DS domain is the ability to do secure dynamic DNS updates. I'd imagine a number of organizations who would want to use AAD are also quite likely running a Windows Server DNS infrastructure. What's the solution for users with an AAD joined device around DNS?